Amendments to the Specification: 

Please replace the paragraph beginning at page 2, line 10, with the following amended paragraph: 

One aspect of the operation of the router 11 is that it allows for network managers to access 
control features of the router. Typically, the CPU 24 will be programmed to allow a network 
manger manager to change operations of the router. For example, a network manager might 
modify routing tables of the router, block certain ports from traffic from hosts having different IP 
addresses, set up new subnets or change subnets. 



Please replace the paragraph beginning at page 4, line 28, with the following amended paragraph: 

As discussed above, one aspect of the operation of the router 101 is that it allows for network 
managers to access control features of the router. Typically, the CPU 116 will be programmed to 
allow a network manger manager to change operations of the router. For example, a network 
manager might modify routing tables of the router, block certain ports from traffic from hosts 
having certain IP addresses, set up new subnets or change subnets. As discussed above, in order 
to gain access to, and send instructions to a CPU for the management of the router 101, typically 
one of a number of different management communication protocols are used. These protocols 
can include Telnet, SSH, Web management, SNMP, and TFTP etc. 



Please replace the paragraph beginning at page 2, line 26, with the following amended paragraph: 

Fig. 1 shows layer 2 subnets 30, 32, 34, 36, 38 and 40 connected to ports 12, 14, 16, 18, 20 and 
22 of the router 11. The layer 2 subnets would typically include a number of layer 2 switches 
networked together, and hosts, such as personal computers or other devices would be connected 
to the switches. A host having proper authorization such as proper passwords, or having been 
previously identified by their source IP address, and generating data packets in accordance with 
the management communication protocol utilized by the system would be able to gain access to 
the management functions of the CPU 24 of the router 11 through the any of the ports 12-22 of 
the router 11. The CPU 24 is responsible for receiving the data packets from hosts of the layer 2 
subnet which that are directed to [[the]] obtaining access to the management functions of the 
CPU 24. If the CPU 24 determines that the host attempting to obtain access to the management 
functions[[,]] is not authorized for such access, for example, the host could be a hacker 
attempting to attack the router 11, then the CPU 24 will drop the data packets from the attacking 
host, and additional protective measures could also be taken. 
Please replace the paragraph beginning at page 7, line 15, with the following amended paragraph: 

As shown by the above discussion in order for a host to gain access to the management control 
functions of the CPU 116, the host must generate and transmit management data packets, where 
such packets are ones which are directed to an IP address which corresponds to the gateway IP 
address for the management port, and where such packets are [[in]] originate from a management 
VLAN. 



Please replace the paragraph beginning at page 9, line 30, with the following amended paragraph: 

Fig. 3 shows a method 300 of an embodiment of the invention. At 302 a management port is 
defined. This can include creating a management virtual local area network as described above. 
A management subnet is defined at 304. The management subnet can be part of the management 
VLAN as described above. Additionally, management VLAN planes can be defined in layer 2 
switches of other subnets of the system, as described above. In operation of the system, data 
packets are received on ports of the router at 306. The received data packets are then analyzed 
308 to determine if they include a destination IP address which corresponds to the management 
address. If the received data packet does not have a destination IP address which corresponds to 
the management address then the data packet will be passed 312 [[to]] according to the 
destination IP address in the data packet. If the received data packet has a destination IP address 
which corresponds to the management address, then the received data packet is analyzed 310 to 
determine if it was received from the management subnet. If it was received from the 
management subnet then the data packet can be passed 314 to the CPU. If the data packet was 
not received on the management port 316 from the management subnet, then the data packet is 
analyzed 316 to determine if it utilizes a management protocol. If it is in a management 
protocol, then the data packet is dropped 318. If the data packet is not in a management data 
protocol, then the data packet is passed 320. 
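
The decision flow of method 300 (steps 306 to 320), written out as an added example that is not part of the application or of any router's code. The management address, subnet, VLAN id, the use of the ingress VLAN together with the source address to decide "received from the management subnet", and the port numbers assigned to the named protocols are all assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (assumptions, not taken from the specification).
MGMT_ADDRESS = ipaddress.ip_address("10.0.99.1")    # management gateway IP
MGMT_SUBNET = ipaddress.ip_network("10.0.99.0/24")  # management subnet
MGMT_VLAN = 99                                      # management VLAN id

# Protocols named in the specification; the ports are the usual
# well-known defaults and are an assumption of this example.
MGMT_PORTS = {
    ("tcp", 23): "Telnet", ("tcp", 22): "SSH",
    ("tcp", 80): "Web", ("tcp", 443): "Web",
    ("udp", 161): "SNMP", ("udp", 69): "TFTP",
}

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str         # "tcp" or "udp"
    dst_port: int
    ingress_vlan: int  # VLAN the frame arrived on

def from_mgmt_subnet(pkt):
    """Step 310: arrived on the management VLAN with a source in the subnet."""
    return (pkt.ingress_vlan == MGMT_VLAN
            and ipaddress.ip_address(pkt.src_ip) in MGMT_SUBNET)

def classify(pkt):
    """Return (step, action) for one packet received at step 306."""
    if ipaddress.ip_address(pkt.dst_ip) != MGMT_ADDRESS:  # step 308
        return 312, "forward"   # route by destination IP address
    if from_mgmt_subnet(pkt):                             # step 310
        return 314, "to_cpu"
    if (pkt.proto, pkt.dst_port) in MGMT_PORTS:           # step 316
        return 318, "drop"
    return 320, "pass"

# Constructed sample traffic.
SAMPLES = [
    Packet("10.0.99.20", "10.0.99.1", "tcp", 22, 99),      # manager on mgmt VLAN
    Packet("192.168.5.7", "10.0.99.1", "tcp", 22, 30),     # SSH from a user subnet
    Packet("10.0.99.20", "10.0.99.1", "udp", 161, 30),     # mgmt source, wrong VLAN
    Packet("192.168.5.7", "10.0.99.1", "udp", 33434, 30),  # not a mgmt protocol
    Packet("192.168.5.7", "172.16.1.9", "tcp", 23, 30),    # ordinary routed traffic
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.src_ip, p.dst_ip, p.proto, p.dst_port, classify(p))
```

The third sample shows why the ingress VLAN is checked as well as the source address: a source address inside the management subnet is not sufficient when the frame arrives from another VLAN.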



Please replace the paragraph beginning at page 4, line 6, with the following amended paragraph: 

Fig. 2 shows a system 100 of an embodiment of the present invention. The router 101 operates 
to provide layer 3 routing of data packets between different hosts on the system. For example, 
the router 101 can route data packets received on a port of the router 101 to other ports of the 
router based on a destination source IP address contained in a received data packet. Typically a 
router will contain a large number of ports to which different level layer 2 subnets are connected. 





Appl. No. 10/668,455 PATENT 

Amdt. dated June 18, 2009 

Reply to Office Action of March 20, 2009 

In figure 2 six ports 102, 106, 108, 110, 112 and 114 are shown, but in many embodiments the 
router would include additional ports. 